ltwagnon
Legacy Employee

Most websites use HTTPS encryption to secure traffic to and from their web servers. This is a blessing and a curse... it's a blessing because the traffic is unreadable in its encrypted form. It's a curse because, well, the traffic is unreadable in its encrypted form. How can anyone know to block certain traffic (e.g. malware) if it's unreadable? The answer is... you can't. To inspect this encrypted traffic, you can implement a BIG-IP solution that decrypts the traffic and then sends it to a separate cluster of FireEye servers, which inspect it and take action on it. In this Lightboard Lesson video, John explains how a BIG-IP and a FireEye device work together to inspect traffic and keep your web servers safe. Enjoy!




Comments
Harry1
Nimbostratus

Thanks John for this session. Could you please guide me as to where I can see the physical connectivity and placements of devices?

Marvin
Cirrostratus

Hi John,

Great integration. However, I was working on this integration last year and I could never make it work in layer 2 using the single BIG-IP solution (using route domains). F5 engineering informed me that the solution works in layer 3, that is, using several VLANs and subnets on the internal side, FireEye segment and external segment, but what if the customer does not want to change their IP addresses?

Another thing to take into account is a technology named proxy chaining, required when the customer wants to maintain their explicit proxy; otherwise the proxy communication will not be decrypted and sent to the upwards explicit proxy.

What we are looking for is a transparent layer 2 setup without having to change the network infrastructure.

As I said, I tested the solution in our lab last year but never got it to work properly:

https://devcentral.f5.com/questions?pid=41946 (imagine there is a FireEye in between the two logical F5 BIG-IPs)

Do you have any update on this integration, whether it is possible to do the layer 2 setup, and is there an iApp available to implement it far more easily?

Best regards,

Marvin

ltwagnon
Legacy Employee
JWhitesPro_1928
Cirrostratus

Are there any guides on the ingress solution using one BigIP?

 

ltwagnon
Legacy Employee

JWhitesPro, here's a deployment guide on iApp for SSL intercept and it covers both ingress and egress: https://www.f5.com/pdf/deployment-guides/ssl-intercept-dg.pdf

 

JWhitesPro_1928
Cirrostratus

Thanks John.

 

I think all of the guides I’ve seen seem to be geared towards using the F5 to inspect internal client traffic going out via a forward proxy scenario—is there any documentation on using the F5/FireEye to inspect ingress traffic from the internet while only having a single BIGIP?

 

Version history
Last update: 19-Jan-2017 18:00